Unveiling the Hidden Challenges of Cybersecurity Culture

In a recent conversation with Theo Zafirakos, Chief Information Security Officer (CISO), and Professional Services Lead at Fortra’s Terranova Security and Jim Love, Chief Information Officer (CIO) of IT World Canada, delved into the nuances of building a culture of data security. This article provides a sneak peek into the critical role of culture in cybersecurity programs.

The importance of cyber culture

Terranova Security recently conducted two studies, in collaboration with Canadian research firm Ipsos and Microsoft, which shed light on the significance of cybersecurity culture. Their first study, “Moving From Data Protection to CyberCulture,” sparked a conversation about the role of culture in cybersecurity. It underscored that cybersecurity culture encompasses attitudes, perceptions, behaviors, and feelings individuals hold towards cybersecurity in our society.

“In any aspect of our society, culture typically starts either at home or what we learn from our parents, at school and the education we receive, or the government services provided to citizens,” Zafirakos said. “As we all know, the cybersecurity culture doesn’t exist to its required capacity in those areas.”

Cybersecurity culture should prioritize the best practices and protection of sensitive personal information assets within organizations. It’s more than mere compliance; it’s about fostering a culture of knowledge and security awareness across the organization.

The risks of ignoring cybersecurity culture

Love and Zafirakos also delved into the risks associated with neglecting cybersecurity culture. Notably, failing to cultivate a robust culture can leave organizations ill-prepared for evolving cyber threats. 

“Cybercriminals have moved from targeting the machine to targeting the human,” Zafirakos said. “We see a lot of evolution in the way attacks are generated, created or even conducted. Artificial intelligence is also going to contribute to more sophisticated and error-proof attacks and scenarios.”

Moreover, the increasing reliance on cloud services and external partners adds complexity to the cybersecurity landscape. Cyberattacks are growing in complexity and frequency, often exploiting current events, technology trends, and popular brands to launch social engineering attacks.

The role of social engineering and phishing

While social engineering, including phishing, is a critical area where culture plays a pivotal role, it’s not the sole focus. While 90 per cent of data breaches and cyberattacks result from phishing, employees sometimes bypass cybersecurity controls to achieve work objectives, despite being aware of the rules and policies. This is analogous to individuals wearing seatbelts not solely because they believe it will save their lives but to avoid a ticket. Such behavior stems from a lack of full comprehension of the risks and consequences.

Unlock the full conversation by watching the video series and gain the knowledge needed to strengthen your organization’s cybersecurity culture.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now